research-library
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
reslib addcommand inreslib/cli.pyincludes a feature to download documents from external URLs usingurllib.request.urlretrieve. This is a core intended function of the research library for importing web-based research materials. - [COMMAND_EXECUTION]: The file
tests/test_extractor.pycontains asubprocess.runcall used to initiate thepytestrunner. This is a standard part of the development and testing workflow for the skill and is not executed during normal agent operation. - [PROMPT_INJECTION]: The skill ingests untrusted text content from local files and URLs via text extraction (PDF parsing, OCR, code parsing). While this creates a potential surface for indirect prompt injection where malicious text in a document could influence the agent, the skill is a local-first management tool and does not exhibit any specific vulnerabilities in how it handles or interpolates this data.
Audit Metadata